a tight lower bound for entropy flattening
play

A Tight Lower Bound for Entropy Flattening Yi-Hsiu Chen 1 os 1 Salil - PowerPoint PPT Presentation

Oct 08, 2023 •157 likes •627 views

A Tight Lower Bound for Entropy Flattening Yi-Hsiu Chen 1 os 1 Salil Vadhan 1 Jiapeng Zhang 2 Mika G o 1 Harvard University, USA 2 UC San Diego, USA June 23, 2018 1 / 18 Agenda 1 Problem Definition / Model 2 Cryptographic Motivations 3

  1. A Tight Lower Bound for Entropy Flattening Yi-Hsiu Chen 1 os 1 Salil Vadhan 1 Jiapeng Zhang 2 Mika G¨ o¨ 1 Harvard University, USA 2 UC San Diego, USA June 23, 2018 1 / 18

  2. Agenda 1 Problem Definition / Model 2 Cryptographic Motivations 3 Proof Techniques 2 / 18

  3. Flatness Definition (Entropies) Let X be a distribution over { 0 , 1 } n . Define the surprise of x to be H X ( x ) = log(1 / Pr [ X = x ]) . H sh ( X ) def = x ∼ X [ H X ( x )] , E H min ( X ) def = min x H X ( x ) , H max ( X ) def = log | Supp X | ≤ max H X ( x ) . x H min ( X ) ≤ H sh ( x ) ≤ H max ( X ) (The gap can be Θ( n ) .) A source X is flat iff H sh ( X ) = H min ( X ) = H max ( X ) . 3 / 18

  4. Entropy Flattening Flattening Algorithm A Input source X Output source Y nearly flat ( H sh ( Y ) ≈ H min ( Y ) ≈ H max ( Y ) ) 4 / 18

  5. Entropy Flattening Flattening Algorithm A Input source X Output source Y nearly flat ( H sh ( Y ) ≈ H min ( Y ) ≈ H max ( Y ) ) Entropies of the output and input sources are monotonically related. 4 / 18

  6. Entropy Flattening Flattening Algorithm A Input source X Output source Y nearly flat ( H sh ( Y ) ≈ H min ( Y ) ≈ H max ( Y ) ) Entropies of the output and input sources are monotonically related. max max min flattening min/max Shannon gap sh � gap max sh min min X L X H Y L Y H 4 / 18

  7. Entropy Flattening Entropy Flattening Problem Find an flattening algorithm A : If H sh ( X ) ≥ τ + 1 , then H ε min ( Y ) ≥ k + ∆ . If H sh ( X ) ≤ τ − 1 , then H ε max ( Y ) ≤ k − ∆ . 5 / 18

  8. Entropy Flattening Entropy Flattening Problem Find an flattening algorithm A : If H sh ( X ) ≥ τ + 1 , then H ε min ( Y ) ≥ k + ∆ . If H sh ( X ) ≤ τ − 1 , then H ε max ( Y ) ≤ k − ∆ . Smooth Entropies min ( Y ) ≥ k if ∃ Y ′ s.t. H min ( Y ) ≥ k and d TV ( Y, Y ′ ) ≤ ε . H ε max ( Y ) ≤ k if ∃ Y ′ s.t. H max ( Y ) ≤ k and d TV ( Y, Y ′ ) ≤ ε . H ε 5 / 18

  9. Solution: Repetition Theorem ([HILL99, HR11]) X : a distribution over { 0 , 1 } n . Let Y = ( X 1 , . . . , X q ) where X i s are i.i.d. copies of X . � � � H ε min ( Y ) , H ε max ( Y ) ∈ H sh ( Y ) ± O n q log(1 /ε ) � � � �� log(1 /ε ) q · H sh ( X ) ± O n q (Asymptotic Equipartition Property (AEP) in information theory) 6 / 18

  10. Solution: Repetition Theorem ([HILL99, HR11]) X : a distribution over { 0 , 1 } n . Let Y = ( X 1 , . . . , X q ) where X i s are i.i.d. copies of X . � � � H ε min ( Y ) , H ε max ( Y ) ∈ H sh ( Y ) ± O n q log(1 /ε ) � � � �� log(1 /ε ) q · H sh ( X ) ± O n q (Asymptotic Equipartition Property (AEP) in information theory) q = O ( n 2 ) is sufficient for the constant entropy gap. q = Ω( n 2 ) is needed due to anti-concentration results. [HR11] 6 / 18

  11. Query Model The Model: Input source : encoded by a function f : { 0 , 1 } n → { 0 , 1 } m and defined as f ( U n ) . Flattening algorithm : oracle algorithm A f : { 0 , 1 } n ′ → { 0 , 1 } m ′ has query access to f . Output source : A f ( U n ′ ) . Example : A f ( r 1 , . . . , r q ) = ( f ( r 1 ) , . . . , f ( r q )) 7 / 18

  12. Query Model The Model: Input source : encoded by a function f : { 0 , 1 } n → { 0 , 1 } m and defined as f ( U n ) . Flattening algorithm : oracle algorithm A f : { 0 , 1 } n ′ → { 0 , 1 } m ′ has query access to f . Output source : A f ( U n ′ ) . Example : A f ( r 1 , . . . , r q ) = ( f ( r 1 ) , . . . , f ( r q )) Def: Flattening Algorithm � ≥ τ + 1 � ≥ k + ∆ � f ( U n ) � A f ( U n ′ ) H ε H sh ⇒ min � ≤ τ − 1 � ≤ k − ∆ � f ( U n ) � A f ( U n ′ ) H ε H sh ⇒ max 7 / 18

  13. Query Model The Model: Input source : encoded by a function f : { 0 , 1 } n → { 0 , 1 } m and defined as f ( U n ) . Flattening algorithm : oracle algorithm A f : { 0 , 1 } n ′ → { 0 , 1 } m ′ has query access to f . Output source : A f ( U n ′ ) . Example : A f ( r 1 , . . . , r q ) = ( f ( r 1 ) , . . . , f ( r q )) Def: Flattening Algorithm � ≥ τ + 1 � ≥ k + ∆ � f ( U n ) � A f ( U n ′ ) H ε H sh ⇒ min � ≤ τ − 1 � ≤ k − ∆ � f ( U n ) � A f ( U n ′ ) H ε H sh ⇒ max More powerful: Querying correlated positions or even in an adaptive way. Computation on the query inputs. e.g., hashing 7 / 18

  14. Main Theorems Theorem Flattening algorithms for n -bit oracles f require Ω( n 2 ) oracle queries. 8 / 18

  15. Main Theorems Theorem Flattening algorithms for n -bit oracles f require Ω( n 2 ) oracle queries. Def: SDU Algorithm � ≥ τ + 1 � A f ( U n ′ ) , U m ′ � < ε . � f ( U n ) H sh ⇒ d TV � ≤ τ − 1 � / 2 m ′ ≤ ε . � f ( U n ) � A f ( U n ′ ) H sh ⇒ Supp Flattening Algorithm ⇐ ⇒ SDU Algorithm (Reduction between two NISZK-complete problems [GSV99]) Theorem SDU algorithms for n -bit oracles f require Ω( n 2 ) oracle queries. 8 / 18

  16. Connection to Cryptographic Constructions Example : OWF f → PRG g f ([HILL90, Hol06, HHR06, HRV10, VZ13]): 1 Create a gap between “pseudoentropy” and (true) entropy. 2 Guess the entropy threshold τ (or other tricks). 3 Flatten entropies. 4 Extract the pseudorandomness (via universal hashing). 9 / 18

  17. Connection to Cryptographic Constructions Example : OWF f → PRG g f ([HILL90, Hol06, HHR06, HRV10, VZ13]): 1 Create a gap between “pseudoentropy” and (true) entropy. 2 Guess the entropy threshold τ (or other tricks). ˜ O ( n ) queries 3 Flatten entropies. ˜ O ( n 2 ) queries 4 Extract the pseudorandomness (via universal hashing). Overall, the best PRG makes ˜ O ( n 3 ) queries to the one-way function [HRV10, VZ13]. From regular one-way function, Step 3 is unnecessary, and so ˜ O ( n ) query is sufficient. [HHR06] 9 / 18

  18. Connection to Cryptographic Constructions Example : OWF f → PRG g f ([HILL90, Hol06, HHR06, HRV10, VZ13]): 1 Create a gap between “pseudoentropy” and (true) entropy. 2 Guess the entropy threshold τ (or other tricks). ˜ O ( n ) queries 3 Flatten entropies. ˜ O ( n 2 ) queries 4 Extract the pseudorandomness (via universal hashing). Overall, the best PRG makes ˜ O ( n 3 ) queries to the one-way function [HRV10, VZ13]. From regular one-way function, Step 3 is unnecessary, and so ˜ O ( n ) query is sufficient. [HHR06] Holenstein and Sinha ([HS12]) prove that any black-box construction requires ˜ Ω( n ) queries. (From Step 2. Applicable to regular OWF) 9 / 18

  19. Connection to Cryptographic Constructions Example : OWF f → PRG g f ([HILL90, Hol06, HHR06, HRV10, VZ13]): 1 Create a gap between “pseudoentropy” and (true) entropy. 2 Guess the entropy threshold τ (or other tricks). ˜ O ( n ) queries 3 Flatten entropies. ˜ O ( n 2 ) queries 4 Extract the pseudorandomness (via universal hashing). Overall, the best PRG makes ˜ O ( n 3 ) queries to the one-way function [HRV10, VZ13]. From regular one-way function, Step 3 is unnecessary, and so ˜ O ( n ) query is sufficient. [HHR06] Holenstein and Sinha ([HS12]) prove that any black-box construction requires ˜ Ω( n ) queries. (From Step 2. Applicable to regular OWF) Can we do better in the entropy flattening step? 9 / 18

  20. Overview of the Proof Def: SDU Algorithm � ≥ τ + 1 � A f ( U n ′ ) , U m ′ � < ε . � f ( U n ) H sh ⇒ d TV � ≤ τ − 1 � / 2 m ′ ≤ ε . � f ( U n ) � A f ( U n ′ ) H sh ⇒ Supp 1 Construct distributions D H and D L : Sample f from D H , then H sh ( f ( U n )) ≥ τ + 1 w.h.p. Sample f from D L , then H sh ( f ( U n )) ≤ τ − 1 w.h.p. 2 A cannot “behave very different” on both distributions by making only q = o ( n 2 ) queries. 10 / 18

  21. Construction of f Partition the domain into s blocks, each with t elements ( s · t = 2 n ) Concentrated: map to the same element. Scattered: map to all distinct elements. 2 3 n/ 4 blocks f � �� � . . . { 0 , 1 } n Sca Sca Con Sca Con Sca � �� � 2 n/ 4 elements ↓ { 0 , 1 } m 11 / 18

  22. Construction of f Partition the domain into s blocks, each with t elements ( s · t = 2 n ) Concentrated: map to the same element. Scattered: map to all distinct elements. 2 3 n/ 4 blocks f � �� � . . . { 0 , 1 } n Sca Sca Con Sca Con Sca � �� � 2 n/ 4 elements ↓ { 0 , 1 } m ≥ s · (1 / 2 + 4 /n ) blocks are scattered ⇒ H sh ( f ) ≥ 7 n/ 8 + 1 ≤ s · (1 / 2 − 4 /n ) blocks are scattered ⇒ H sh ( f ) ≤ 7 n/ 8 − 1 11 / 18

  23. D H and D L 2 3 n/ 4 blocks f � �� � . . . { 0 , 1 } n Sca Sca Con Sca Con Sca � �� � 2 n/ 4 elements ↓ { 0 , 1 } m 1 Randomly partition { 0 , 1 } n into 2 3 n/ 4 blocks. 12 / 18

  24. D H and D L 2 3 n/ 4 blocks f � �� � . . . { 0 , 1 } n Sca Sca Con Sca Con Sca � �� � 2 n/ 4 elements ↓ { 0 , 1 } m 1 Randomly partition { 0 , 1 } n into 2 3 n/ 4 blocks. 2 Decide each block to be scattered or concentrated. D H : scattered with probability (1 / 2 + 5 /n ) , then w.h.p, ≥ s · (1 / 2 + 4 /n ) blocks are scattered D L : scattered with probability (1 / 2 − 5 /n ) , then w.h.p, ≤ s · (1 / 2 − 4 /n ) blocks are scattered 12 / 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tight Lower Bound for Comparison-Based Quantile Summaries Pavel Vesel y University of Warwick

Tight Lower Bound for Comparison-Based Quantile Summaries Pavel Vesel y University of Warwick

Tight Lower Bound for Comparison-Based Quantile Summaries Pavel Vesel y University of Warwick 8 April 2020 Based on joint work with Graham Cormode (Warwick) Powered by Beamer i k Z Overview of the talk &amp; Quantiles &amp; Distributions

652 views • 52 slides
On the lower bound of the viscosity to entropy denstiy ratio Antal Jakov ac BME Technical

On the lower bound of the viscosity to entropy denstiy ratio Antal Jakov ac BME Technical

Introduction eta/s in field theory Quasiparticle systems Conclusions On the lower bound of the viscosity to entropy denstiy ratio Antal Jakov ac BME Technical University Budapest A. Jakovac and D. Nogradi, arXiv:0810.4181 A. Jakovac,

775 views • 51 slides
Tight lower bound for the Channel Assignment problem Arkadiusz Socaa University of Warsaw

Tight lower bound for the Channel Assignment problem Arkadiusz Socaa University of Warsaw

Tight lower bound for the Channel Assignment problem Arkadiusz Socaa University of Warsaw Arkadiusz Socaa Tight lower bound for the Channel Assignment problem Graph Coloring Recall the Graph Coloring problem. 2 1 3 3 1 2 1 coloring

551 views • 30 slides
A Superpolynomial Lower Bound for Clique Function Circuits with at most 1 6 loglog n Negation

A Superpolynomial Lower Bound for Clique Function Circuits with at most 1 6 loglog n Negation

Main Results Hawks Eye View Extending Montone Lower Bounds to Limited Negations Monotone Lower bound for Clique function using Bottleneck counting Connecting the two worlds Thank You A Superpolynomial Lower Bound for Clique Function

1.03k views • 71 slides
SVMpAUC-tight: A new algorithm for optimizing partial AUC based on a tight convex upper bound

SVMpAUC-tight: A new algorithm for optimizing partial AUC based on a tight convex upper bound

SVMpAUC-tight: A new algorithm for optimizing partial AUC based on a tight convex upper bound Harikrishna Narasimhan and Shivani Agarwal Department of Computer Science and Automation Indian Institute of Science, Bangalore Receiver Operating

1.12k views • 90 slides
CR05, course 2: Pebble Games 2/2 Summary on the (black) pebble game Red-Blue Pebble Game for I/Os

CR05, course 2: Pebble Games 2/2 Summary on the (black) pebble game Red-Blue Pebble Game for I/Os

CR05, course 2: Pebble Games 2/2 Summary on the (black) pebble game Red-Blue Pebble Game for I/Os Hong-Kung Lower Bound Method Tight Lower Bound for Matrix Product Extensions and Performance Bounds 1 / 25 Outline Summary on the (black)

284 views • 25 slides
Sorting Lower Bound Sorting Lower Bound 1 Comparison-Based Sorting (10.4) Many sorting

Sorting Lower Bound Sorting Lower Bound 1 Comparison-Based Sorting (10.4) Many sorting

Sorting Lower Bound Sorting Lower Bound 1 Comparison-Based Sorting (10.4) Many sorting algorithms are comparison based. They sort by making comparisons between pairs of objects Examples: bubble-sort, selection-sort, insertion-sort,

75 views • 5 slides
4. Source Encoding Methods Called also entropy coders , because the methods try to get

4. Source Encoding Methods Called also entropy coders , because the methods try to get

4. Source Encoding Methods Called also entropy coders , because the methods try to get close to the entropy (i.e. lower bound of compression). statistical coders , because the methods assume the probability distribution of the source

1.06k views • 33 slides
Upper and Lower Loop Bound Estimation by Symbolic Execution and Loop Acceleration Pavel Cadek

Upper and Lower Loop Bound Estimation by Symbolic Execution and Loop Acceleration Pavel Cadek

Upper and Lower Loop Bound Estimation by Symbolic Execution and Loop Acceleration Pavel Cadek 1 1 TU Wien, Austria Formal Methods in Computer-Aided Design 30 Oct - 2 Nov, 2018 Loop Bound Analysis Upper loop bound: max { n , 0 } Lower loop

248 views • 5 slides
Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on

Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on

Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on extended formulation Kaibel, Razborovs Inform. SA Weltge symmetry arg. theory + Fourier COR/ yes yes yes ? TSP [KW13]

1.25k views • 108 slides
Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of a discrete random variable. Properties: H(x) &gt;= 0 Entropy Entropy Lesser the probability for an event, larger the entropy.

471 views • 21 slides
A Tight Bound on Approximating Arbitrary Metrics by Tree Metrics Jittat Fakcheroenphol Satish

A Tight Bound on Approximating Arbitrary Metrics by Tree Metrics Jittat Fakcheroenphol Satish

A Tight Bound on Approximating Arbitrary Metrics by Tree Metrics Jittat Fakcheroenphol Satish Rao Kunal Talwar STOC 2003, JCSS 2004 Presented by Jian XIA for COMP670P: Topics in Theory: Metric Embeddings and Algorithms Spring 2007, HKUST

325 views • 14 slides
A subexponential lower bound for Zadehs pivoting rule for solving linear programs and games

A subexponential lower bound for Zadehs pivoting rule for solving linear programs and games

A subexponential lower bound for Zadehs pivoting rule for solving linear programs and games Oliver Friedmann Department of Computer Science, Ludwig-Maximilians-Universit at Munich, Germany. Oliver Friedmann (LMU) Zadeh Lower Bound 1

1.72k views • 156 slides
MA Macroeconomics 6. The Zero Lower Bound and the Liquidity Trap Karl Whelan School of

MA Macroeconomics 6. The Zero Lower Bound and the Liquidity Trap Karl Whelan School of

MA Macroeconomics 6. The Zero Lower Bound and the Liquidity Trap Karl Whelan School of Economics, UCD Autumn 2014 Karl Whelan (UCD) The Zero Lower Bound Autumn 2014 1 / 25 Can Interest Rates Be Negative? Up to now, we have assumed that the

493 views • 25 slides
Advanced Macroeconomics 4. The Zero Lower Bound and the Liquidity Trap Karl Whelan School of

Advanced Macroeconomics 4. The Zero Lower Bound and the Liquidity Trap Karl Whelan School of

Advanced Macroeconomics 4. The Zero Lower Bound and the Liquidity Trap Karl Whelan School of Economics, UCD Spring 2020 Karl Whelan (UCD) The Zero Lower Bound Spring 2020 1 / 21 Can Interest Rates Be Negative? Up to now, we have assumed

541 views • 21 slides
Recent progress on a sharp lower bound for first (nonzero) Steklov eigenvalue Chao Xia (Xiamen

Recent progress on a sharp lower bound for first (nonzero) Steklov eigenvalue Chao Xia (Xiamen

Recent progress on a sharp lower bound for first (nonzero) Steklov eigenvalue Chao Xia (Xiamen University) (joint with Changwei Xiong) Asia-Pacific Analysis and PDE Seminar May 11th, 2020 1 / 30 Table of Contents Review of eigenvalue lower

779 views • 32 slides
Information Complexity and Applications Mark Braverman Princeton University and IAS FoCM17

Information Complexity and Applications Mark Braverman Princeton University and IAS FoCM17

Information Complexity and Applications Mark Braverman Princeton University and IAS FoCM17 July 17, 2017 Coding vs complexity: a tale of two theories Coding Computational Complexity Goal: data transmission Goal: computation Different

1.08k views • 59 slides
Shannon entropy as leitmotiv for string model building Sven Krippendorf Workshop on Big Data

Shannon entropy as leitmotiv for string model building Sven Krippendorf Workshop on Big Data

Shannon entropy as leitmotiv for string model building Sven Krippendorf Workshop on Big Data in String Theory Boston, 02.12.2017 The role of naturalness in the sense of aesthetic beauty is a powerful guiding principle as they

856 views • 37 slides
A Fast, Cheap, High-Entropy Source for IoT Devices Ben Lampert, Riad Wahby, Shane Leonard,Phil

A Fast, Cheap, High-Entropy Source for IoT Devices Ben Lampert, Riad Wahby, Shane Leonard,Phil

A Fast, Cheap, High-Entropy Source for IoT Devices Ben Lampert, Riad Wahby, Shane Leonard,Phil Levis Introduction - How do you evaluate random number generators (RNG) Entropy is a measure of an adversarial information on a sequence of bits given

797 views • 28 slides
Entropy and Shannon information Entropy and Shannon information For a random variable X with

Entropy and Shannon information Entropy and Shannon information For a random variable X with

Entropy and Shannon information Entropy and Shannon information For a random variable X with distribution p(x), the entropy is H[ X ] = - S x p( x ) log 2 p( x ) Information is defined as I[ X ] = - log 2 p( x ) Mutual information Typically,

695 views • 47 slides
Noisy Channel Coding: Correlated Random Variables &amp; Communication over a Noisy Channel Toni

Noisy Channel Coding: Correlated Random Variables &amp; Communication over a Noisy Channel Toni

Noisy Channel Coding: Correlated Random Variables &amp; Communication over a Noisy Channel Toni Hirvonen Helsinki University of Technology Laboratory of Acoustics and Audio Signal Processing Toni.Hirvonen@hut.fi T-61.182 Special Course in

242 views • 20 slides
dra$-akiya-mpls-entropy-lsp-ping IETF 88, Vancouver,

dra$-akiya-mpls-entropy-lsp-ping IETF 88, Vancouver,

dra$-akiya-mpls-entropy-lsp-ping IETF 88, Vancouver, Canada Nobo Akiya George Swallow Carlos Pignataro Nagendra Kumar Background RFC4379

480 views • 10 slides
The entanglement entropy and its universal behaviour in one dimension Benjamin Doyon Department

The entanglement entropy and its universal behaviour in one dimension Benjamin Doyon Department

The entanglement entropy and its universal behaviour in one dimension Benjamin Doyon Department of mathematical sciences, Durham University, UK Florence, September 2008 Entanglement in quantum mechanics Entanglement occurs when a

282 views • 26 slides
Lecture 1 Capacity of the Gaussian Channel Basic concepts in information theory: Appendix B

Lecture 1 Capacity of the Gaussian Channel Basic concepts in information theory: Appendix B

Lecture 1 Capacity of the Gaussian Channel Basic concepts in information theory: Appendix B Capacity of the Gaussian channel: Appendix B, Ch. 5.13 Mikael Skoglund, Theoretical Foundations of Wireless 1/23 Entropy and Mutual

307 views • 12 slides

More recommend